Ep. 34 Weaponized Files and Federal Cybersecurity

November 15, 2022

In today’s interview, Darrin Curtis from Menlo Security gives an overview of how to protect against new kinds of cyber threats to the federal government. Rather than a direct assault, a new breed of malicious actors take files that are considered to be safe and incorporate malicious code. To describe this new category, he uses a curious acronym HEAT, Highly Evasive Adaptive Threats.

Malicious actors leave no stone unturned in creative ways to attack federal technology. We all know that the perimeter has been breached and we must rely on Zero Trust Architecture. The next level of attack is to attack the word “trust” itself.

Traditionally, file formats like PDFs have been viewed as unbreakable. When most people get an email from a colleague with a PDF file, they would normally trust it. This is also true with Excel or Word documents that are transferred on a normal business day.

Today, these files can have malicious code injected into them.

#weaponized files "But it's detonating in the cloud away from the the person's machine or the agency network"

Darrin Curtis, Menlo Security Tweet

Another approach is to take advantage of that “trust” is by altering HTML code. Some malicious actors will disguise malware into HTML code, called “HTML Smuggling.” This time, instead of a PDF in an email, it may be an innocent link. This is made possible by HTML5’s ability for download capability.

During the interview, Darrin reinforces the concept that compliance does not ensure an agency is secure. Some studies show ransomware is one of the biggest single threats to government networks; the delivery mechanism can include these HEAT files.

If this interview piques your interest in Menlo Security, then you can download the free report titled “Modernizing Secure Access Through Zero Trust”

Also, to expand the topic of trust, you may want to listen to episode #27 Using Technology to Build Trust in the Federal Government